Prevent Cross-Site Request Forgery (CSRF) Attack in ASP.NET MVC

Updated on     Kisan Patel

To prevent a cross-site request forgery (CSRF) attack, in which a request is submitted to the server from somewhere other than the form it should originally come from, we can use @Html.AntiForgeryToken() in the form.

@using (Html.BeginForm()) {
   @Html.AntiForgeryToken()
   @Html.ValidationSummary(true)
   <div class="editor-label">
       @Html.LabelFor(model => model.EmailID)
   </div>
   <div class="editor-field">
       @Html.EditorFor(model => model.EmailID)
       @Html.ValidationMessageFor(model => model.EmailID)
   </div>
}

The @Html.AntiForgeryToken() line generates a hidden element in the form with an encrypted value, which is validated on the server side to ensure that CSRF is not happening.

Just placing @Html.AntiForgeryToken() in the form in the view is not enough. We also need to add the [ValidateAntiForgeryToken] attribute to the controller action method that the form is submitted to.

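[HttpPost]
[ValidateAntiForgeryToken] // rejects the POST unless it carries a valid anti-forgery token
public ActionResult Index(Details model)
{
    // Process the posted model here, then redisplay the view.
    return View(model);
}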

With both pieces in place, a POST that reaches this action method without a valid anti-forgery token is rejected, so we can be sure that the request originated from our own form and is not a CSRF.
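Because the protection only applies where [ValidateAntiForgeryToken] is actually present, a check that finds [HttpPost] actions without it is useful in a test suite. The following is an added example, not code from the original article; the class name AntiForgeryAudit, its method name, and the HomeController mentioned in the usage comment are hypothetical.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// Added example (hypothetical helper): audits an MVC assembly for POST actions
// that are missing [ValidateAntiForgeryToken].
public static class AntiForgeryAudit
{
    // Returns "Controller.Action" for every public action that is marked [HttpPost]
    // but has no [ValidateAntiForgeryToken] on the method or on its controller class.
    // Limitations: actions declared with [AcceptVerbs(HttpVerbs.Post)] and actions
    // inherited from a base controller are not examined by this version.
    public static IList<string> FindUnprotectedPostActions(Assembly assembly)
    {
        const BindingFlags flags =
            BindingFlags.Instance | BindingFlags.Public | BindingFlags.DeclaredOnly;

        return assembly.GetTypes()
            // Concrete controllers only.
            .Where(t => typeof(Controller).IsAssignableFrom(t) && !t.IsAbstract)
            // A class-level attribute already covers every action in the controller.
            .Where(t => !t.IsDefined(typeof(ValidateAntiForgeryTokenAttribute), true))
            .SelectMany(t => t.GetMethods(flags))
            // Skip property accessors and other compiler-generated members.
            .Where(m => !m.IsSpecialName)
            .Where(m => m.IsDefined(typeof(HttpPostAttribute), true))
            .Where(m => !m.IsDefined(typeof(ValidateAntiForgeryTokenAttribute), true))
            .Select(m => m.DeclaringType.Name + "." + m.Name)
            .OrderBy(name => name)
            .ToList();
    }
}

// Usage inside a unit test (HomeController is a hypothetical controller in the
// web project under test):
//
//   var missing = AntiForgeryAudit.FindUnprotectedPostActions(
//       typeof(HomeController).Assembly);
//   Assert.AreEqual(0, missing.Count, string.Join(", ", missing));
```

Running this in the build fails the test as soon as someone adds a POST action without the attribute, which is the mistake the view-only setup above would leave unnoticed.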

